CVE-2024-54170 |
Description: IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
February 27th, 2025 (4 months ago)
|
CVE-2024-54169 |
Description: IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 27th, 2025 (4 months ago)
|
CVE-2024-13148 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection. This issue affects B2B Login Platform: before 16.01.2025.
CVSS: CRITICAL (9.8) EPSS Score: 0.04% SSVC Exploitation: none
February 27th, 2025 (4 months ago)
|
Description: A Threat Actor is Selling Admin Access to OOS Software HRM
February 27th, 2025 (4 months ago)
|
Description: A Threat Actor Claims to be Selling Admin Access to BYD India Private Limited
February 27th, 2025 (4 months ago)
|
Description: Data poisoning represents the next big existential cybersecurity threat — unless organizations can ensure their AI systems are safe and trustworthy.
February 27th, 2025 (4 months ago)
|
Description: “Today’s algorithm showed me around 70 murders, 100+ accidents, and around 115 violence videos, is anyone on Instagram noticing it?”
February 27th, 2025 (4 months ago)
|
Description: Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage.
February 27th, 2025 (4 months ago)
|
CVE-2025-27154 |
Description: Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the Spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions.
CVSS: HIGH (8.4) EPSS Score: 0.01%
February 27th, 2025 (4 months ago)
|
CVE-2024-9334 |
Description: Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024.
CVSS: HIGH (8.2) EPSS Score: 0.06%
February 27th, 2025 (4 months ago)
|